[cifs-protocol] show-recycled and show-deleted LDAP controls

Matthieu Patou mat at samba.org
Sat Feb 26 02:24:19 MST 2011


Hi Edgar,
I didn't have the time to investigate this, but for sure I was on level 
2008R2 and didn't have the recycle bin activated.


I'll keep you informed soon.

Matthieu.

On 26/02/2011 08:11, Edgar Olougouna wrote:
> Matthieu,
>
> I wanted to drop a quick note for an explicit closure to this thread. I was able to observe the following in the lab. I also ran this through our AD experts.
>
> -	DC running Windows Server 2008 R2 with a forest functional level of Windows Server 2003: the test duplicates the behavior you observed. Here the LDAP_SERVER_SHOW_RECYCLED_OID control is not meaningful since the forest does not meet the requirements specified in MS-ADTS 3.1.1.8.1 Recycle Bin Optional Feature.
>
> -	DC running Windows Server 2008 R2 with a forest functional level of Windows Server 2008 R2, and recycle bin optional feature enabled (see MS-ADTS 3.1.1.8.1 and my previous email): the test results are consistent with the MS-ADTS document. The LDAP_SERVER_SHOW_DELETED_OID control returns only deleted objects with isDeleted=TRUE. The LDAP_SERVER_SHOW_RECYCLED_OID control returns deleted objects isDeleted=TRUE and recycled objects isRecycled=TRUE.
>
> As a result MS-ADTS appears to describe the expected behavior, as I mentioned in my initial answer.
>
> Hope this helps.
>
> Regards,
> Edgar
>
> -----Original Message-----
> From: Edgar Olougouna
> Sent: Thursday, February 24, 2011 5:13 PM
> To: 'mat at samba.org'
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: show-recycled and show-deleted LDAP controls
>
> Matthieu,
>
> Can you confirm whether the forest functional level is Windows Server 2008 R2 and that the recycle bin is enabled?	
>
> Active Directory Recycle Bin Step-by-Step Guide http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx
> Step 1: Enable Active Directory Recycle Bin http://technet.microsoft.com/en-us/library/dd379481(WS.10).aspx
>
> Thanks,
> Edgar
>
> -----Original Message-----
> From: Matthieu Patou [mailto:mat at samba.org]
> Sent: Thursday, February 24, 2011 1:28 AM
> To: Edgar Olougouna
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: Re: show-recycled and show-deleted LDAP controls
>
> Edgar,
> On 17/02/2011 09:30, Edgar Olougouna wrote:
>> Matthieu,
>>
>> The LDAP_SERVER_SHOW_DELETED_OID (section 3.1.1.3.4.1.14) control is used with an LDAP operation to specify that tombstones and deleted-objects are visible to the operation.
>> The LDAP_SERVER_SHOW_RECYCLED_OID is used with an LDAP operation to specify that tombstones, deleted-objects, and recycled-objects are visible to the operation.
>> When the LDAP_SERVER_SHOW_RECYCLED_OID (section 3.1.1.3.4.1.26) control is used with an LDAP search operation, the search results include any tombstones, deleted-objects, or recycled-objects that match the search filter.
>> The above controls specify respectively which subset of objects is visible to the search, the results will simply match the filter, in your trace Filter: (isDeleted=TRUE).
> Ok, but the initial question is why, when we have LDAP_SERVER_SHOW_DELETED_OID, I can see objects that have been recycled (those with isRecycled=TRUE). From what you explained, they should be shown only if I specify the LDAP_SERVER_SHOW_RECYCLED_OID, no?
>
>
>> Also I wanted to double check that your forest functional level is Windows Server 2008 R2. This is required prior to enabling the Recycle Bin optional feature, which in turn is required for recycled objects functionality.
> I have 2008 R2 server.
>> MS-ADTS 3.1.1.8.1 Recycle Bin Optional Feature
>> The Recycle Bin optional feature requires a Forest Functional Level of DS_BEHAVIOR_WIN2008R2 or greater.
>>
>> When the Recycle Bin optional feature is enabled, object deletion is performed in three stages.
>> Stage 1. Active object transformed into a deleted object (isDeleted=TRUE).
>> Stage 2. Deleted object transformed into a recycled object (after deleted-object lifetime, isRecycled=TRUE).
>> Stage 3. Recycled object is garbage collected (after tombstone lifetime).
>>
> Matthieu.


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
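
Added example, not part of the original thread and not Samba or Microsoft code: a small Python model of the three deletion stages and of which entries each control makes visible in a forest with the Recycle Bin enabled, the case Edgar reports as consistent with MS-ADTS. The lifetimes, entry names and the Entry/search helpers are constructed for illustration, and the model assumes the tombstone lifetime is counted from the moment an object becomes recycled and that recycled objects keep isDeleted=TRUE.

```python
from dataclasses import dataclass
from typing import Optional

# Control OIDs as defined in MS-ADTS.
LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
LDAP_SERVER_SHOW_RECYCLED_OID = "1.2.840.113556.1.4.2064"

# Constructed lifetimes in days; real values come from forest configuration.
DELETED_OBJECT_LIFETIME = 180
TOMBSTONE_LIFETIME = 180


@dataclass
class Entry:
    name: str
    deleted_on: Optional[int] = None  # day of deletion; None means still active

    def attrs(self, today):
        """Flags of the entry on `today`, or None once garbage collected."""
        if self.deleted_on is None:
            return {"name": self.name}
        age = today - self.deleted_on
        if age < DELETED_OBJECT_LIFETIME:  # stage 1: deleted object
            return {"name": self.name, "isDeleted": True}
        if age < DELETED_OBJECT_LIFETIME + TOMBSTONE_LIFETIME:  # stage 2: recycled
            return {"name": self.name, "isDeleted": True, "isRecycled": True}
        return None  # stage 3: garbage collected


def search(entries, today, controls=(), flt=None):
    """Controls select the visible subset; the filter (attr, value) then matches."""
    show_recycled = LDAP_SERVER_SHOW_RECYCLED_OID in controls
    show_deleted = show_recycled or LDAP_SERVER_SHOW_DELETED_OID in controls
    names = []
    for entry in entries:
        a = entry.attrs(today)
        if a is None:
            continue
        if a.get("isRecycled") and not show_recycled:
            continue
        if a.get("isDeleted") and not show_deleted:
            continue
        if flt is None or a.get(flt[0]) == flt[1]:
            names.append(a["name"])
    return names


# Constructed directory: active, recently deleted, recycled, already collected.
DIRECTORY = [Entry("alice"), Entry("bob", 300), Entry("carol", 100), Entry("dave", 0)]
TODAY = 365
```

With the filter (isDeleted=TRUE) from the trace, the show-deleted control yields only "bob", while the show-recycled control yields "bob" and "carol".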
